This file contains a module that performs validation of DNS queries. More...
#include "util/module.h"#include "util/data/msgreply.h"#include "validator/val_utils.h"#include "validator/val_nsec3.h"Data Structures | |
| struct | val_env |
| Global state for the validator. More... | |
| struct | val_qstate |
| Per query state for the validator module. More... | |
Macros | |
| #define | NULL_KEY_TTL 60 /* seconds */ |
| This is the TTL to use when a trust anchor fails to prime. More... | |
| #define | BOGUS_KEY_TTL 60 /* seconds */ |
| TTL for bogus key entries. More... | |
| #define | SENTINEL_IS "root-key-sentinel-is-ta-" |
| Root key sentinel is ta preamble. | |
| #define | SENTINEL_NOT "root-key-sentinel-not-ta-" |
| Root key sentinel is not ta preamble. | |
| #define | SENTINEL_KEYTAG_LEN 5 |
| Root key sentinel keytag length. | |
Enumerations | |
| enum | val_state { VAL_INIT_STATE = 0 , VAL_FINDKEY_STATE , VAL_VALIDATE_STATE , VAL_FINISHED_STATE } |
| State of the validator for a query. More... | |
Functions | |
| struct module_func_block * | val_get_funcblock (void) |
| Get the validator function block. More... | |
| const char * | val_state_to_string (enum val_state state) |
| Get validator state as a string. More... | |
| int | val_init (struct module_env *env, int id) |
| validator init | |
| void | val_deinit (struct module_env *env, int id) |
| validator deinit | |
| void | val_operate (struct module_qstate *qstate, enum module_ev event, int id, struct outbound_entry *outbound) |
| validator operate on a query | |
| void | val_inform_super (struct module_qstate *qstate, int id, struct module_qstate *super) |
| inform validator super. More... | |
| void | val_clear (struct module_qstate *qstate, int id) |
| validator cleanup query state | |
| size_t | val_get_mem (struct module_env *env, int id) |
| Debug helper routine that assists worker in determining memory in use. More... | |
| void | validate_suspend_timer_cb (void *arg) |
| Timer callback for msg signatures continue timer. | |
This file contains a module that performs validation of DNS queries.
According to RFC 4034.
| #define NULL_KEY_TTL 60 /* seconds */ |
This is the TTL to use when a trust anchor fails to prime.
A trust anchor will be primed no more often than this interval. Used when harden- dnssec-stripped is off and the trust anchor fails.
| #define BOGUS_KEY_TTL 60 /* seconds */ |
TTL for bogus key entries.
When a DS or DNSKEY fails in the chain of trust the entire zone for that name is blacked out for this TTL.
| enum val_state |
| struct module_func_block* val_get_funcblock | ( | void | ) |
Get the validator function block.
References val_block.
Referenced by module_funcs_avail().
| const char* val_state_to_string | ( | enum val_state | state | ) |
Get validator state as a string.
| state | to convert |
References VAL_FINDKEY_STATE, VAL_FINISHED_STATE, VAL_INIT_STATE, and VAL_VALIDATE_STATE.
Referenced by val_handle().
| void val_inform_super | ( | struct module_qstate * | qstate, |
| int | id, | ||
| struct module_qstate * | super | ||
| ) |
inform validator super.
| qstate | query state that finished. |
| id | module id. |
| super | the qstate to inform. |
References dns_msg_deepcopy_region(), LDNS_RR_TYPE_DS, log_query_info(), module_qstate::minfo, val_qstate::nsec3_cache_table, process_ds_response(), process_prime_response(), module_qstate::qinfo, query_info::qtype, module_qstate::region, module_qstate::reply_origin, module_qstate::return_msg, module_qstate::return_rcode, val_qstate::sub_ds_msg, VERB_ALGO, verbose(), and val_qstate::wait_prime_ta.
Referenced by fptr_whitelist_mod_inform_super().
| size_t val_get_mem | ( | struct module_env * | env, |
| int | id | ||
| ) |
Debug helper routine that assists worker in determining memory in use.
| env | module environment |
| id | module id. |
Referenced by fptr_whitelist_mod_get_mem().